Commit 1936083c authored by BAIRE Anthony

remove old registry image

parent c5a6fdcd
Dockerfile*
.git
.*.swo
.*.swp
FROM allgo/base-debian
COPY *.deb /tmp/
RUN useradd --home /nonexistent docker-registry && dpkg -i /tmp/docker-registry_*_amd64.deb && apt-getq install nginx-light
COPY . /tmp/context
RUN sh /tmp/context/setup.sh
USER docker-registry
CMD ["run-registry"]
EXPOSE 8000 8001 8002
# config inspired from https://docs.docker.com/registry/recipes/nginx/
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
# allow access to the /v2/ but not the subpathes
location = /v2/ {
proxy_pass http://registry/v2/;
}
# return 403 for all other /v2/ urls
location /v2/ {
deny all;
}
# return 404 everywhere else
location / {
return 404;
}
version: 0.1
log:
level: info
storage:
filesystem:
rootdirectory: /vol/rw/
cache:
blobdescriptor: inmemory
delete:
enabled: true
http:
addr: 127.0.0.1:5555
headers:
X-Content-Type-Options: [nosniff]
#user www-data;
worker_processes 2;
pid "/tmp/nginx.pid";
events { }
error_log /vol/log/nginx/error.log;
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
##
# Logging Settings
##
access_log /vol/log/nginx/access.log;
upstream registry {
server 127.0.0.1:5555;
}
# we do not use /etc/nginx/sites-enabled/ because the container does
# not run as root (and chowning it is not sufficient because of image
# upgrades)
include /tmp/sites-enabled/*.conf;
}
#!/bin/sh
set -x -e
# create nginx data directories
mkdir -p /vol/cache/nginx /vol/log/nginx /vol/rw
#### vhosts configuration #####
mkdir -p /tmp/sites-enabled
rm -f /tmp/sites-enabled/*
# dev server always enabled
ln -s /etc/nginx/sites-available/dev.conf /tmp/sites-enabled/
# prod/qualif servers enabled if certificates are installed
# (otherwise nginx fails to start completely)
for name in prod qualif
do
crt="/vol/ro/ssl/$name-allgo-registry-server.crt"
if [ -f "$crt" ] ; then
ln -s "/etc/nginx/sites-available/$name.conf" /tmp/sites-enabled/
else
echo "WARNING: vhost '$name' not enabled (certificate not present: $crt)" >&2
fi
done
#### start the servers ####
# test the nginx config && start nginx
nginx -t
nginx
# start the registry
exec docker-registry serve /etc/docker/registry/config.yml
#!/bin/sh
set -ex
cd /tmp/context
install -m 0644 config.yml /etc/docker/registry/
install -m 0644 nginx.conf common.conf ssl.conf /etc/nginx/
install -m 0755 run-registry /usr/local/bin/
install -m 0644 sites/*.conf /etc/nginx/sites-available/
diversions add /var/lib/nginx /vol/cache/nginx
rm -rf /tmp/context
server {
# dev server: allow access to /v2/allgo/dev/ only
listen 8002;
location /v2/allgo/dev/ {
proxy_pass http://registry/v2/allgo/dev/;
proxy_redirect http://registry/ http://$host:$server_port/;
}
include /etc/nginx/common.conf;
}
server {
# prod server: allow access to /v2/allgo/prod/ only
listen 8000;
location /v2/allgo/prod/ {
proxy_pass http://registry/v2/allgo/prod/;
proxy_redirect http://registry/ https://$host:$server_port/;
}
include /etc/nginx/common.conf;
# SSL config
include /etc/nginx/ssl.conf;
ssl_certificate /vol/ro/ssl/prod-allgo-registry-server.crt;
ssl_certificate_key /vol/ro/ssl/prod-allgo-registry-server.key;
ssl_client_certificate /vol/ro/ssl/prod-allgo-registry-ca.crt;
}
server {
# qualif server: allow access to /v2/allgo/qualif/ only
listen 8001;
location /v2/allgo/qualif/ {
proxy_pass http://registry/v2/allgo/qualif/;
proxy_redirect http://registry/ https://$host:$server_port/;
}
include /etc/nginx/common.conf;
# SSL config
include /etc/nginx/ssl.conf;
ssl_certificate /vol/ro/ssl/qualif-allgo-registry-server.crt;
ssl_certificate_key /vol/ro/ssl/qualif-allgo-registry-server.key;
ssl_client_certificate /vol/ro/ssl/qualif-allgo-registry-ca.crt;
}
ssl on;
ssl_verify_client on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:1m;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
#TODO: restore it
#ssl_dhparam /vol/rw/dhparams.pem;